[usermanagement] Updated new controller.

55cfb716 · Benjamin Fischer · ccf9cf97 · 55cfb716
Commit 55cfb716 authored Jan 04, 2017 by Benjamin Fischer
--- a/vispa/controller/usermanagement.py
+++ b/vispa/controller/usermanagement.py
@@ -75,7 +75,7 @@ class BaseController(object):
        # collect the object to work on
        tar = self
        tars = deque([tar])
-        for n in range(len(names) - 1):
+        while tar and hasattr(tar, "_master"):
            tar = tar._master
            tars.appendleft(tar)
        rights = self._rights.get(rights, self._rights["__default__"])
@@ -117,34 +117,37 @@ class TableController(BaseController):
        super(TableController, self).__init__(*args, **kwargs)

    @cherrypy.expose
-    def create(self, name):
+    def add(self, name):
        self._rt("create")
        self._table.create(DB(), name)

    @cherrypy.expose
    def list(self):
-        return [entry.to_dict() for entry in self._rf("list", self._table.all(DB()))]
+        return [
+            call_mix(entry.to_dict, user=cherrypy.request.user)
+            for entry in self._rf("list", self._table.all(DB()))
+        ]

    @cherrypy.expose
    def info(self, name):
        base, = self._rga("info", name)
-        return base.to_dict()
+        return call_mix(base.to_dict, user=cherrypy.request.user)

    @cherrypy.expose
    def rename(self, name, new_name):
        base, = self._rga("rename", name)
-        base.rename(DB(), new_name)
+        base.rename(new_name)

    @cherrypy.expose
-    def delete(self, name):
+    def remove(self, name):
        base, = self._rga("delete", name)
-        base.delete(DB())
+        base.delete()

    @cherrypy.expose
-    def update(self, **kwargs):
+    def update(self, name, **kwargs):
        for key, value in kwargs.items():
            if key in self._setters:
-                base, = self._rgs("update_%s" % key, name)
+                base, = self._rga("update_%s" % key, name)
                func = getattr(base, "set_%s" % key)
                func(value)
            else:
@@ -155,29 +158,42 @@ class AssociationController(BaseController):
        self._assoc = kwargs.pop("assoc", [])
        super(AssociationController, self).__init__(*args, **kwargs)

+    def _info(self, item):
+        return {
+            "name": item.name,
+        }
+
    @cherrypy.expose
    def list(self, name):
        base, = self._rga("list", name)
        func = getattr(base, "get_%ss" % self._assoc)
-        return [obj.to_dict() for obj in call_mix(func, recursion_depth=0)]
+        return [self._info(obj) for obj in call_mix(func, recursion_depth=0)]

    @cherrypy.expose
    def add(self, name, assoc_name):
        base, target = self._rga("add", name, assoc_name)
        func = getattr(base, "add_%s" % self._assoc)
-        func(DB(), target)
+        func(target)

    @cherrypy.expose
    def remove(self, name, assoc_name):
        base, target = self._rga("remove", name, assoc_name)
        func = getattr(base, "remove_%s" % self._assoc)
-        func(DB(), target)
+        func(target)

 class AssociationToGroupController(AssociationController):
+    def _info(self, item):
+        return {
+            "name": getattr(item, self._assoc).name,
+            "confirmed": item.status == item.CONFIRMED,
+        }
+
    @cherrypy.expose
    def add(self, name, assoc_name, password=""):
        try:
-            super(AssociationToGroupController, self).add(name=name, assoc_name=assoc_name)
+            base, target = self._rga("add", name, assoc_name)
+            func = getattr(base, "add_%s" % self._assoc)
+            func(target, confirmed=0)
        except AjaxException as e:
            if e.code != 403:
                raise e
@@ -186,38 +202,47 @@ class AssociationToGroupController(AssociationController):
            func = getattr(base, "add_%s" % self._assoc)
            conft = Group_User_Assoc if self._table.__name__ == "User" else Group_Group_Assoc
            if base.privacy == Group.PUBLIC:
-                func(DB(), target, conft.CONFIRMED)
+                func(target, conft.CONFIRMED)
            elif base.privacy == Group.PROTECTED:
                if not sha256_crypt.verify(password, base.password):
                    raise AjaxException(403)
-                func(DB(), target, conft.CONFIRMED)
+                func(target, conft.CONFIRMED)
            elif base.privacy == Group.PRIVATE:
-                func(DB(), target, conft.UNCONFIRMED)
+                func(target, conft.UNCONFIRMED)

    @cherrypy.expose
    def confirm(self, name, assoc_name):
        base, target = self._rga("confirm", name, assoc_name)
        func = getattr(base, "confirm_%s" % self._assoc)
-        func(DB(), target)
+        func(target)
+
+class AssociationToProjectController(AssociationController):
+    def _info(self, item):
+        return {
+            "name": getattr(item, self._assoc).name,
+            "roles": [
+                role.name for role in item.roles
+            ]
+        }

 class AssociationDeepController(AssociationController):
    @cherrypy.expose
    def list(self, name, mid_name):
-        base, mid, = self._rga("list", name)
+        base, mid, = self._rga("list", name, mid_name)
        func = getattr(base, "get_%ss" % self._assoc)
-        return [obj.to_dict() for obj in call_mix(func, mid, recursion_depth=0)]
+        return [obj.name for obj in call_mix(func, mid, recursion_depth=0)]

    @cherrypy.expose
    def add(self, name, mid_name, assoc_name):
-        base, mid, target = self._rga("add", name, assoc_name)
+        base, mid, target = self._rga("add", name, mid_name, assoc_name)
        func = getattr(base, "add_%s" % self._assoc)
-        func(DB(), mid, target)
+        func(mid, target)

    @cherrypy.expose
    def remove(self, name, mid_name, assoc_name):
-        base, mid, target = self._rga("remove", name, assoc_name)
+        base, mid, target = self._rga("remove", name, mid_name, assoc_name)
        func = getattr(base, "remove_%s" % self._assoc)
-        func(DB(), mid, target)
+        func(mid, target)

 class UMAjaxController(AbstractController):

@@ -244,7 +269,8 @@ class UMAjaxController(AbstractController):
            "remove": [
                (Rights.manager, Rights.none),  # managers can kick members
                (Rights.none, Rights.manager),  # anyone can leave on their own
-            ]
+            ],
+            "__default__": (Rights.manager,),
        }

        # now define the controllers
@@ -275,6 +301,7 @@ class UMAjaxController(AbstractController):
        ] + [
            AssociationToGroupController(table=t, assoc=a, rights=Rights.extend(rights_assoc, {
                "list": (Rights.public,),
+                "confirm": (Rights.manager, Rights.none),
                "add": (Rights.manager, Rights.none),
                "add_self": (Rights.none, Rights.manager),
            })) for t, a in [
@@ -297,7 +324,7 @@ class UMAjaxController(AbstractController):
        }, assocs=[
            AssociationController(table=User, assoc="manager", rights=rights_manager),
        ] + [
-            AssociationController(table=t, assoc=a, rights=rights_assoc, assocs=[
+            AssociationToProjectController(table=t, assoc=a, rights=rights_assoc, assocs=[
                AssociationDeepController(table=Role, assoc="%s_role" % a, rights=rights_admin)
            ]) for t, a in [
                (User, "user"),